sure ok benno@
Jonathan Gray(j...@jsg.id.au) on 2017.10.19 16:33:35 +1100:
> Use after free and a memory leak.
>
> Index: parse.y
> ===================================================================
> RCS file: /cvs/src/usr.sbin/acme-client/parse.y,v
> retrieving revision 1.17
> diff -u -p -U4 -r1.17 parse.y
> --- parse.y 23 Mar 2017 12:59:32 -0000 1.17
> +++ parse.y 19 Oct 2017 04:50:29 -0000
> @@ -224,10 +224,10 @@ domain : DOMAIN STRING {
> char *s;
> if ((s = strdup($2)) == NULL)
> err(EXIT_FAILURE, "strdup");
> if (!domain_valid(s)) {
> - free(s);
> yyerror("%s: bad domain syntax", s);
> + free(s);
> YYERROR;
> }
> if ((domain = conf_new_domain(conf, s)) == NULL) {
> free(s);
> @@ -335,8 +335,9 @@ domainoptsl : ALTERNATIVE NAMES '{' altn
> if ((s = strdup($3)) == NULL)
> err(EXIT_FAILURE, "strdup");
> if (authority_find(conf, s) == NULL) {
> yyerror("use: unknown authority");
> + free(s);
> YYERROR;
> }
> domain->auth = s;
> }
>